diff options
Diffstat (limited to 'doc/gpg.texi')
| -rw-r--r-- | doc/gpg.texi | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi index 450e521dc..674c4c6ba 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -113,9 +113,12 @@ only one command is allowed. Generally speaking, irrelevant options are silently ignored, and may not be checked for correctness. @command{@gpgname} may be run with no commands. In this case it will -perform a reasonable action depending on the type of file it is given -as input (an encrypted message is decrypted, a signature is verified, -a file containing keys is listed, etc.). +print a warning perform a reasonable action depending on the type of +file it is given as input (an encrypted message is decrypted, a +signature is verified, a file containing keys is listed, etc.). + +If you run into any problems, please add the option @option{--verbose} +to the invocation to see more diagnostics. @menu @@ -2387,10 +2390,10 @@ opposite meaning. The options are: @item self-sigs-only Accept only self-signatures while importing a key. All other - key-signatures are skipped at an early import stage. This option + key signatures are skipped at an early import stage. This option can be used with @code{keyserver-options} to mitigate attempts to flood a key with bogus signatures from a keyserver. The drawback is - that all other valid key-signatures, as required by the Web of Trust + that all other valid key signatures, as required by the Web of Trust are also not imported. @item repair-keys @@ -3340,6 +3343,12 @@ weak. See also @option{--allow-weak-digest-algos} to disable rejection of weak digests. MD5 is always considered weak, and does not need to be listed explicitly. +@item --allow-weak-key-signatures +@opindex allow-weak-key-signatures +To avoid a minor risk of collision attacks on third-party key +signatures made using SHA-1, those key signatures are considered +invalid. This options allows to override this restriction. + @item --no-default-keyring @opindex no-default-keyring Do not add the default keyrings to the list of keyrings. Note that |